1) We've taken our
network connection down to pretty much a minimum. We're still finding machines
internally that have been compromised.

2) The suite of tools that the attacker was using included the modified version
of RemotelyAnywhere (basically a Remote Desktop-style remote admin tool), Haxker
Defender (a process, registry key and file hiding tool), the key logger, and
various networking utilities that allowed them to transfer files (compressors,
NetCat, and FTP). We also are pretty sure they were sniffing our network to
gather passwords and other information. Haxker Defender includes a file system
driver that allows an attacker to have stuff on your machine that is invisible,
unless you do something like mount the drive under another OS that has NTFS
support.

We have determined one way of detecting some infected machines, which is using a
connection viewer to detect connections to anomalous hosts external to our
network.

We still don't know their entry method.

3) In general, the community has been remarkably swift at tracking down the
sources of the leak. What would be most helpful now are IP addresses of the
people who were responsible for the intrusion or for the denial of service
attacks.

4) Also, please continue to send in URLs of websites hosting the source code.
We've been contacting people and asking them to take it down.

5) There's anecdotal evidence that other game developers have been targeted by
whoever attacked us. This hasn't been confirmed. We've been providing other game
developers with more detailed information about the exploits and evidence of
infiltration.

6) We're running a little bit blind with our network shut down, but it seems
like some of the press has picked up the story. I've been fielding calls from
the mainstream non-games, non-technical press.all day. Hopefully they will get
to report shortly what a mistake it is to piss off a whole bunch of gamers and
get them hunting you around the Internet.